Last Modified: Nov 07, 2022
Affected Product:
BIG-IP TMOS
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3
Opened: Jan 12, 2016
Severity: 4-Minor
Symptoms:
Attempts to export keys are not logged.
Impact:
No messages are logged to indicate the export attempts.
Conditions:
-- Exporting keys.
-- Viewing the ltm log.
Workaround:
None.
Fix Information:
iControl:
======================
When any of the following iControl functions is called (either by the GUI or directly by a system user), the system logs it in the ltm log. The log entry includes the iControl function name, the key names, and the BIG-IP user name.
key_export_to_file
key_export_to_pem
export_all_to_archive_stream
export_to_archive_stream
export_all_to_archive_file
export_to_archive_file
ltm logs example:
======================
-- info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/kc.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::key_export_to_file()
-- info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/default.key, /Common/kc.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::key_export_to_pem()
-- info iControlPortal.cgi[26687]: Management: private key export: All keys in Default mode are being exported by user "admin" via KeyCertificate_impl::export_all_to_archive_stream()
-- info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/default.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::export_to_archive_stream()
-- info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/default.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::export_to_archive_file()
-- info iControlPortal.cgi[4868]: Management: private key export: All keys in Default mode are being exported by user "admin" via KeyCertificate_impl::export_all_to_archive_file()
-- info iControlPortal.cgi[4868]: Management: private key export: keys (/Common/kc.key, /Common/default.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::export_to_archive_file()
tmsh:
======================
The only way to export a key with tmsh is to save a UCS file, so that operation is logged.
ltm logs example:
======================
notice tmsh[21886]: 01420012:5: private key export: All keys are being exported by user "admin" via UCS saving.
GUI:
======================
There are 3 ways that a user can export keys from the GUI:
-- System :: Certificate Management : Traffic Certificate Management : SSL Certificate List :: default : Key Export
-- System :: Certificate Management : Traffic Certificate Management : SSL Certificate List :: Archive...
-- System :: Archives :: New Archive...
These are internally implemented using iControl and tmsh calls, so they are automatically logged in the ltm log as iControl or tmsh users.
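As an added example (not part of the F5 bug record), a small Python parser for the two ltm log message shapes quoted above, of the kind a defender would run over collected logs to alert on private key exports. The syslog prefix and the mcpd line in the sample are constructed; the export messages are the ones quoted on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One regex covers both message shapes quoted on this page: the iControl
# form ("Management: private key export: keys (...) in <mode> mode ...")
# and the tmsh form ("<msgid>:<level>: private key export: All keys ...").
KEY_EXPORT_RE = re.compile(
    r'(?P<process>\w[\w.]*)\[(?P<pid>\d+)\]: '
    r'(?:Management: |\d{8}:\d: )?private key export: '
    r'(?:keys \((?P<keys>[^)]*)\)|(?P<all>All keys))'
    r'(?: in (?P<mode>\w+) mode)?'
    r' are being exported by user "(?P<user>[^"]+)" via (?P<via>.+?)\.?$'
)

@dataclass
class KeyExport:
    process: str            # iControlPortal.cgi or tmsh
    user: str               # BIG-IP user named in the message
    via: str                # iControl function or "UCS saving"
    all_keys: bool          # True for "All keys" (archive / UCS export)
    keys: List[str] = field(default_factory=list)
    mode: Optional[str] = None

def parse_key_export(line: str) -> Optional[KeyExport]:
    """Return a KeyExport for an ltm log line, or None if it is not one."""
    m = KEY_EXPORT_RE.search(line.rstrip())
    if not m:
        return None
    keys = [k.strip() for k in m["keys"].split(",")] if m["keys"] else []
    return KeyExport(m["process"], m["user"], m["via"], bool(m["all"]), keys, m["mode"])

def exports_touching(lines, watched_key: str) -> List[KeyExport]:
    """Events that exported watched_key explicitly or through an all-keys export."""
    events = [e for e in map(parse_key_export, lines) if e]
    return [e for e in events if e.all_keys or watched_key in e.keys]

# Constructed sample: messages from this page with a syslog prefix added,
# plus one unrelated mcpd line that must not match.
SAMPLE_LOG = [
    'Jan 12 10:00:01 bigip1 info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/kc.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::key_export_to_file()',
    'Jan 12 10:00:02 bigip1 info iControlPortal.cgi[26687]: Management: private key export: keys (/Common/default.key, /Common/kc.key) in Default mode are being exported by user "admin" via KeyCertificate_impl::key_export_to_pem()',
    'Jan 12 10:00:03 bigip1 notice tmsh[21886]: 01420012:5: private key export: All keys are being exported by user "admin" via UCS saving.',
    'Jan 12 10:00:04 bigip1 notice mcpd[5432]: 01070417:5: AUDIT - constructed unrelated message',
]

if __name__ == "__main__":
    for e in exports_touching(SAMPLE_LOG, "/Common/default.key"):
        print(f'{e.user} exported {"ALL keys" if e.all_keys else e.keys} via {e.via}')
```

Feeding the parser's output into an alert on any event where `all_keys` is true, or where the user is not one expected to perform exports, turns the new log messages into a detection rather than just a record.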
Behavior Change:
With this change, any attempt to export a key is logged in the ltm log. Logged attempts include saving a UCS file, archiving key files, or exporting key files, whether performed through tmsh, iControl, or the GUI.